• bet365娱乐, bet365体育赛事, bet365投注入口, bet365亚洲, bet365在线登录, bet365专家推荐, bet365开户

    WIRED
    Search
    Search

    Hacker Breaks Down Hacking Scenes From Movies & TV

    Once again, hacker and security researcher Samy Kamkar takes a look at a variety of hacking scenes from popular media and examines their authenticity. Is the 3D file system from Jurassic Park real? Can you actually hack a smart fridge like in Silicon Valley? Is there a difference between a virus and a worm?

    Released on 04/29/2021

    Transcript

    [piano music]

    Keeps rewriting itself to counter my commands.

    This has something to do with computers.

    Hack 'em all.

    Hi, I'm Samy Kamkar.

    [Narrator] Samy is the co-founder of OpenPath Security

    and a computer hacker.

    I'm back to talk about more hacking scenes

    in TV shows and movies.

    Breaking into a government system, The X-Files.

    This has something to do with computers, the internet.

    Actually the ARPANET.

    You can access it through the internet.

    I want to believe, but this clip isn't too realistic.

    ARPANET is essentially what the internet came from.

    DARPA, the U.S. government agency created ARPANET

    and that bubbled into the internet

    and became publicly available.

    When the X-Files came out,

    ARPANET was no longer in existence.

    Isn't there something you could-

    I mean how do you say it, hack into?

    I'm sorry, I think this is the end of the line.

    How you say, that's what she says.

    She says, How you say, hack.

    [Samy laughs]

    How do you say it, hack into.

    But How you say is what you say in other languages

    when you don't know.

    Right?

    [computer beeps]

    What did you do?

    Oh, it's a government system,

    I know a couple of logging out tricks with VMS version five.

    If you're using a password that you know,

    then I don't really consider that hacking.

    [tense music]

    [Woman] What is that?

    It's an encrypted file.

    [computer beeps]

    Why would your three year old have an encrypted file

    in a secret defense department database?

    Can you decode it?

    There's another issue here

    in that they find a file that's encrypted,

    that by itself is not too unrealistic.

    They're showing the file in ASCII format.

    Can you print it out for me?

    But when you print it out,

    that's going to be useless information.

    And that's because many of the characters

    that would be in an encrypted file

    are not visible in an ASCII format.

    So you end up with things like periods,

    which may or may not be a period

    or it could be a totally different character or byte.

    So your ex-boyfriend is into computers.

    I would totally say that.

    Wait, your boyfriend's into computers?

    I should meet him.

    [Samy laughs]

    Locking down a system, Jurassic Park.

    [computer beeps]

    [tense music]

    [computer beeps]

    Five, four.

    [door hisses]

    In this clip, it looks like Newman,

    you know who I mean.

    Newman!

    Is kind of running around,

    activating or deactivating certain types of locks.

    But, at some point, someone else tries to run a command,

    like access grid, and that causes an access denied.

    But then he gets a series of messages.

    So, this doesn't look too realistic,

    just on the fact that he's getting access denied messages

    without a password.

    And he's also then getting a message in a loop,

    which is just less likely to happen in a realistic scenario.

    This reminds me of some of the clips

    that we saw in the first technique critique

    when we were seeing, really,

    just a lot of pop-ups that would occur.

    Stop the popups.

    [Samy laughs]

    And a lot of videos typically

    that will hackers will put onto devices.

    [cats meow]

    That's not something we generally see in the real world.

    [tense music]

    It's a Unix system.

    It's all the files of the whole park.

    The girl gets to the computer and says,

    It's a Unix system.

    It doesn't look like a Unix system,

    which is typically a terminal or a console window.

    But it actually is Unix.

    It tells you everything.

    I gotta find the right file.

    The 3D interface that she's using is a legitimate software

    that a company called SGI made many years ago.

    It's not something anyone actually uses.

    It was really just about proof of concept

    of using a 3D file system.

    The reason no one would ever use it

    is because it takes forever to navigate a 3D system

    when you're just trying to find a file.

    Hate this hacker crap!

    Decrypting a file, The code.

    I'm up in air in the video compression.

    Can we fix that?

    Maybe.

    But, I would need to get online.

    [keyboard clicks]

    [tense music]

    Here we see Jesse taking a corrupted video file.

    And, for a moment

    we see him start running a program called ffmpeg.

    And, he essentially tries to remove corruption

    from this video file.

    And that's totally reasonable.

    [keyboard clicks]

    ffmpeg is meant for all sorts of modifications

    or alterations to video images and audio.

    So, for example, if you have something that's corrupt,

    you could take all of the frames that are not corrupt,

    extract them, and then reconstruct all of those frames

    into a single video.

    There was a part that was inaccurate

    in where we saw the red, green, and blue channels

    all visually come up.

    While that would be possible to do,

    ffmpeg, the tool itself is a terminal based tool.

    So, it's all text-based despite operating on video image

    and audio.

    Can we fix that?

    Maybe. But I would need to get online.

    He asked to go online,

    but if he already has that ffmpeg tool

    downloaded to his machine,

    there's actually no reason for him to go online.

    So, who knows what he was actually doing?

    Sometimes you do hear of hackers getting sentenced

    not to use computers or be on the internet.

    Unfortunately, that occurred to me

    earlier in my life for several years.

    I don't know if we want to go into it.

    [Samy laughs]

    Now I'm allowed to be on the internet.

    [Samy laughs]

    Hardware hacking, Firewall.

    I need my daughter's MP3 player to use as a hard drive.

    Here we see Jack Stanfield using his daughter's ipods

    to store data while under duress in a kidnapping situation.

    This is the scanner head and the fax machine.

    Yeah.

    And you'll capture the images of the account numbers

    off the server screen and transfer them to this.

    That's totally realistic.

    If you think about an MP3, it's just a digital format

    of audio.

    And audio is really just an analog signal.

    So, you can convert that into a digital format

    and-

    Just like you can convert any other data

    into some digital format.

    But, they're still just images,

    what are you going to do with them?

    Use an OCR program to convert it to data

    that the computer can use.

    He also mentions using OCR,

    which is object character recognition.

    So, if I were to take a screenshot of a bank account,

    it's an image, there's not actually text in it,

    even though I can read the text.

    OCR software would then convert that

    and extract all of the text from it

    without me having to type it in manually.

    10,000 songs, 10,000 account codes,

    it doesn't know the difference.

    The only thing he doesn't go over here

    is how he converts the images from the scanner

    into the MP3s.

    You do need some conversion to occur.

    So, that needs to be a computer or a microcontroller

    or something.

    Should work.

    Hacking a smart fridge, Silicon Valley.

    Hello my cofriend.

    [fridge dings]

    Hello?

    [Fridge] Huh, suck it Jin-Yang.

    Mm, ah huh.

    Your attacking and destroying my refrigerator?

    And you misspell my name.

    Essentially, smart fridges themselves

    are really just computers.

    They're running some operating system,

    maybe a stripped down version of Linux.

    When I was able to brute force the backdoor password

    to that chrome piece of shit in under 12 hours.

    What Gilfoyle was saying

    is that he was able to brute force the password.

    All that means is

    he went through millions and millions of passwords

    trying to authenticate through some mechanism

    that the refridge exposed.

    Maybe it's connected to the WiFi network

    and it has a port open that you can then connect to.

    That is a possible scenario.

    A back door is a way to log in or authenticate into a system

    without going through the traditional mechanism.

    So, maybe a website has a username and password field.

    A backdoor would be a special URL

    that you wouldn't need to enter any username or password

    But I added a little visual flair.

    [Fridge] Huh, suck it.

    [tense music]

    Hacking an ATM pin, Terminator 2: Judgment Day.

    [Boy 1] Please insert your stolen card now.

    [ATM revs]

    [keyboard clicks]

    They insert a device that looks like a credit card

    tied to a computer with a ribbon cable.

    And it looks to do some type of brute force of the pin code.

    Go baby, go baby, go baby.

    Right.

    Yes!

    Easy money.

    Some of this could be possible.

    The problem is the pin code has nothing to do

    with the data on the credit card,

    nor is it ever inserted within the credit card slot.

    Those are two independent systems.

    What they're doing here with the pin

    just isn't talking to the right system.

    So, they'd have to be plugged into something else

    in order to even attempt an attack like this.

    [Boy 2] Where did you learn this stuff from anyway?

    From my mom.

    Destroying a hard drive, The Core.

    This is the FBI, we have a warrant.

    [Man] Shit!

    [electronic music]

    [toaster hisses]

    [microwave hums]

    In this scene, the main character is trying to wipe,

    delete, purge any data he can

    from a number of different data storage types.

    [electronic music]

    He takes some pretty big magnets

    and he goes over, what I assume are hard drives.

    Which would work

    for traditional spinning platter hard drives.

    That would erase a lot of the data

    as the data is kept in magnetic fields.

    If I had to destroy something

    like a traditional spinning hard drive,

    then I probably would do something similar by using magnets.

    But, ideally, I would also want to open it after the fact

    and then crush it into bits.

    The more small pieces you have,

    the less data someone will be able to extract

    and be able to put them together.

    [electronic music]

    [microwave hums]

    [microwave dings]

    He also throws some CDs or DVDs into a microwave.

    The data there is actually stored within the polycarbonate.

    So, if he had a sufficient time to melt it

    he could make it disappear,

    but it just depends on that amount of time.

    [electronic music]

    [Man] Purge.

    He also deleted some data, just using software.

    Now, a quick software delete, in the period of time he had,

    which was only a few seconds.

    While that appears to delete the files,

    it actually doesn't delete the data.

    All it does is tell your hard drive or your computer

    that the data in this sector is now free.

    In order to actually delete data from a drive

    you actually need to overwrite that data.

    And typically you want to overwrite it several times.

    Then, for a safe measure,

    hit it with a hammer a bunch of times.

    I know these look like computers,

    totally not.

    Faraday cage, Enemy of the state.

    [machine grinds]

    This is where I work.

    Completely secure.

    Copper wire mesh keeps the radio signals out.

    He says this copper wire cage or a faraday cage

    keeps radio signals out.

    Normally that is true.

    When you have a conductive mesh or a metallic mesh,

    the only thing that can penetrate that mesh

    are wavelengths that are essentially smaller

    than the mesh itself.

    So, the holes themselves.

    But, in this case,

    there is a lot of radio frequency

    that can fit in that wavelength.

    So, really, even something like five gigahertz,

    Wifi would be able to penetrate that mesh.

    If the mesh were smaller,

    then it would be able to block a lot more radio frequency.

    Hate to see the chicken that lives in this coop.

    Acoustic analysis, Eagle Eye.

    [computer whines]

    Sir, all the threats we've been tracking chatter all-

    Hold it.

    In this scene a couple of things are happening.

    There is a voice over IP phones

    that they ultimately disconnect

    to prevent someone from snooping or enabling the microphones.

    It shows that the camera is essentially able to read lips.

    [camera beeps]

    Really creative and absolutely doable with software today.

    [camera beeps]

    [Woman] Section 216 of the Patriot Act.

    What they didn't expect, and, which is really creative,

    is they're actually using acoustic analysis

    to look at vibrations off the coffee cup that was there.

    So, when you're speaking or when someone's speaking

    they are moving air molecules

    and that's going at a certain frequency

    based off the frequency of their sound.

    When that hits something like the drink,

    you're actually able to convert that physical change

    of that liquid back into audio.

    Because, essentially, it's moving at the frequency of sound.

    And if you can visually see that,

    you can then convert that visual frequency

    back into the frequency of sound and hear it.

    So, it's actually a very creative, but it is doable.

    Denial of service attack, Ralph Breaks the Internet.

    [Malicious character] Scanning for insecurities.

    Come on, don't leave me!

    [Malicious character] Insecurity detected.

    [creature fires]

    In this clip, we see some sort of malicious system

    that is finding this insecurity in Ralph.

    And they're essentially duplicating Ralph

    and duplicating this insecurity

    which then takes over all sorts of websites, sops.

    It starts interfering with people's web browsers.

    The internet is under assault

    as a massive denial of service attack

    crashes servers across the web.

    Denial of service

    typically isn't going to do something manipulative

    like alter your web browser or alter a video feed.

    Instead, its goal is one simple thing

    and that's to bring a system down.

    While this is a pretty unrealistic

    I think we can give Ralph a pass here,

    just for his insecurity.

    [girl yells]

    Hijacking a TV channel, V for Vendetta.

    [static hisses]

    For god-

    Dad, what's wrong with the tele?

    Good evening London.

    In this scene,

    we see someone essentially taking over a TV station.

    In this case, I don't consider this hacking,

    because they essentially already have the capability,

    they're in the station and they have the ability

    to already override the video that's been playing right now.

    What makes it a little less unlikely,

    is that they're also taking over billboards.

    And often those are coming off a separate feed

    off some prerecorded video.

    Granted, those could be based off of live video as well.

    In Tim Burton's Batman,

    we do see something similar

    where a live newscast is taken over by the Joker.

    Now, that is actually a lot more realistic

    and is an actual hack

    because often, live broadcasts are being aired over radio.

    So, if someone can intercept,

    and by intercept I just mean send a stronger signal,

    and they can actually override that signal

    if they can hit the receiver and take over that.

    So, that is something that can happen

    and has happened in the past.

    He don't look happy.

    He's been using Brand X.

    Stock market hack, Who Am I?

    [rock music]

    In this clip they're on the roof

    of what appears to be a stock exchange.

    And they're somehow connecting to the network.

    This, by itself, is going to be a little challenging

    because there are many different networks

    and just being on the roof

    is typically not enough to jump on the network.

    We do see them run something called bashbufferoverflow.sh

    and some number.

    And bufferoverflow is a common technique

    to exploit various types of software

    by overflowing their memory so much

    that you get to a point in memory

    that you can tell the processor where to run code,

    and you can then point that back

    to the original memory you overflowed

    and that's now your code.

    So, it's a way to take over a computer

    just by inputting some data.

    What they're demonstrating

    is that they were able to connect to

    and then run their own code

    and run their own instructions.

    [rock music]

    [speaking in foreign language]

    We're also seeing, essentially, video of a graph.

    And that chart is probably going to be extracted

    from some other locations,

    maybe from a website or from some other feed.

    So, it might be possible,

    but it's going to be challenging to do this.

    [rock music]

    [All] Yeah!

    Autonomous vehicle exploitation, Fate of the Furious.

    There's over a thousand of them.

    Hack 'em all.

    [computer squeaks]

    [engine starts]

    [tires squeal]

    In this clip we see a bunch of cars

    getting hacked and taken over.

    Some of this could be possible.

    And there's a pretty incredible demonstration

    of this type of attack

    where they were able to take a Jeep

    that was driving on the road

    with someone from Wired inside.

    And they were able to take that car over.

    They first started just controlling the windshield wipers,

    adjusting the radio,

    and then actually started messing

    with the controls of the vehicle, like the throttle.

    And that's because some vehicles

    do have these components computerized.

    However, what they're showing here

    where they're just arbitrarily choosing cars to take over

    is really unlikely because it's a lot of effort

    and it's typically a targeted attack.

    You have to really know the vehicle

    that you are trying to get to first.

    [speaking in foreign language]

    [cars crunch]

    Ouch.

    You see a bunch of cars

    that are actually parked and they start driving.

    Well, that's not going to happen

    if you have something like an e-brake.

    As far as I know today

    there aren't many vehicles with a computerized e-brake.

    So, we're just seeing way too many vehicles

    doing way too many things

    they simply don't have the capability to.

    I'd buckle up if I were you.

    Credential hack, Mission: Impossible - Ghost Protocol.

    [machine whines]

    [machine beeps]

    In this scene we see Ethan Hunt

    going into a government building.

    He reveals his credentials

    and the person working behind the desk

    starts scanning the credentials.

    [speaking in foreign language]

    He looks at kind of what percentage of this hacking

    is being done.

    This seems pretty unlikely for a couple of reasons.

    For one, when you're talking about a credential

    or authorization system,

    it's likely not going to be on some wireless network.

    Even if you do have a wireless network

    in a government building,

    it's again, likely not tied to a security checkpoint.

    Another problem here is

    that we see a percentage of completion.

    You almost never have percentages

    when you're talking about hacking.

    Either you have found a mechanism to get in or you haven't.

    So, the loading bar in hacking scenes

    is usually not very accurate.

    Love your disguise by the way.

    Max booth, Mr. Robot.

    [funk music]

    Thanks doll.

    In this scene, we see Darlene

    take a little magnetic read head

    and take a hotel card and scan it.

    And then store it into the device called MagSpoof.

    And then she goes up to the hotel room

    and she essentially hits play,

    which either replays that

    or it brute forces the code and that unlocks the door.

    And that is something that can absolutely occur.

    MagSpoof is a device I personally created

    and it's designed to essentially perform penetration testing

    around different types of mag stripes,

    primarily around credit cards.

    The device itself is an electromagnet.

    And what all that means is

    it's able to create a magnetic field,

    both in North and South.

    The writers of Mr. Robot were really creative here

    and asked if this were possible

    on hotel mag stripes, and it's entirely possible.

    And they actually came up with the idea

    of taking that same device and using it here in a hotel

    to brute force through various numeric codes for a room

    just by having somebody else's room card.

    And that's a totally feasible scenario.

    Hacking at an Apple store,

    Captain America: The Winter Soldier.

    [computer beeps]

    [Woman] Now, it's trying to hide something.

    Can I help you guys with anything?

    Oh no, my fiance was just helping me

    with some honeymoon destinations.

    It seems that, really, what they're trying to do

    is just hide who they are and what they're doing.

    So, they're going to an Apple store

    so they can take the IP address

    of the Apple store rather than doing it safe

    from their home or office or Captain America network.

    How much time do we have?

    Uh, about nine minutes from

    now.

    Generally, you wouldn't want to do it in an Apple store.

    For one, they're going to have a lot of cameras.

    So, all they have to do is correlate the time,

    the computer and then look at the video feed

    and they might be able to capture who was there.

    Well, maybe we can find out where it came from.

    There was an art prank done,

    many years ago at an Apple store in New York.

    The creator, Kyle,

    ended up getting the secret service sent to his house.

    So, you probably don't want to try this.

    Congratulations, where you guys thinking about going?

    New Jersey.

    [Man] Huh.

    If you did want to actually perform attacks

    and hide your IP address,

    it would make more sense to have some sort of device,

    say a Raspberry Pi computer connected to a solar panel,

    throw it on top of a store and then connect to that.

    So, that is now connecting to the free wifi

    of somewhere nearby.

    And now, you're sort of proxied, there's no video of you,

    you're not at the store,

    but you're taking advantage of their IP address.

    And now it's going to be much harder to link back to you.

    Person who developed this is slightly smarter than me,

    slightly.

    A phishing attack, Oceans Eight.

    [computer dings]

    [mouse clicks]

    [man gasps]

    Rihanna, or Nine Ball, is trying to phish somebody.

    She's constructing an email or message.

    It has some link that the person clicks

    and then that person had their camera engaged,

    and the video feed went back to Nine Ball.

    That is pretty unlikely.

    In order to actually enable somebody's web camera,

    you need to get code to execute on their computer.

    That's usually very difficult.

    When you employ those attacks, and they get executed,

    they're going to be discovered pretty quickly,

    if you start using it.

    And it's going to be patched pretty quickly.

    So, it's not to say it's not possible.

    It's just that, once you start using these types of attacks,

    you're essentially burning them.

    Otherwise a phishing attack by itself,

    getting someone to click something,

    or visit a malicious link, that is pretty easy to do.

    And that happens honestly, every day.

    You poor thing.

    Discovering a worm, Hackers.

    [rock music]

    [paper rustles]

    [Man] It isn't a virus, it's a worm.

    Here we see Zero Cool doing some sort of investigation.

    We do see a lot of algebraic formulas, unfortunately.

    Which have really nothing to do with what he's doing.

    Granted, if you're programming,

    you will be writing a lot of algorithms,

    but you're never doing it in,

    let's say the algebraic format that they're showing.

    [Man] It isn't a virus, it's a worm.

    The worm eats a few cents from each transaction.

    And when the worm's ready,

    it zips out with the money and erases it's tracks.

    He says this is a worm and not a virus.

    And that seems true.

    Essentially, we think of a virus as some piece of software

    or malware that requires some action by a user

    in order for it to execute.

    Where, a worm is more likely something

    that requires little to no action in order to proliferate.

    By this point,

    it's already running at twice the speed as when it started.

    When I was younger,

    I did accidentally release a worm on a site

    popular many years ago called Myspace.

    All it did was,

    someone would visit my profile,

    without knowing it, they would add me as a friend

    and the code would copy to their profile.

    That means when someone visits their profile,

    the code would copy to their profile.

    Within about 24 hours over a million people were infected.

    It said, Samy is my hero on all these profiles

    and Myspace had to shut down in order to remove this worm.

    Unfortunately for me,

    I couldn't touch a computer for several years.

    I wasn't allowed on the internet

    until I went back to a judge.

    Now we're here.

    [Samy laughs]

    Crash 1,507 systems in one day?

    Aptitude test, Snowden.

    We're going to start with an aptitude test.

    [electronic music]

    The average test time is five hours.

    If you take more than eight, you will fail.

    I don't know whether aptitude tests like this

    happen in government, I can only assume they do.

    I know with a lot of companies,

    you will go through some types of tests.

    You will be on the spot.

    You will be given a computer

    or you'll be given a whiteboard.

    And they'll say, Okay, do X.

    You know, Write some software to perform this.

    So, there are realistic tests like this.

    [electronic music]

    It's actually interesting

    because they're running legitimate commands.

    We see nmap run a few times.

    We see tar, an archiving utility used to compress some data

    and then extract that data.

    A lot of this was extremely realistic.

    I'm really just nitpicking,

    but a couple of those commands had a verbose flag enabled,

    which should have output a lot more data,

    but they did not output any data.

    But, otherwise it seemed like a reasonable clip.

    Eyes on screens.

    [Man] We don't have enough card space

    to do all the other clips.

    Does anyone have an ipods?

    [men laugh]

    [bell dings]

    [Narrator] Conclusion.

    Hacking itself

    is not always the most glamorous to look at.

    However, we are seeing more and more hardware type hacking

    where people are taking physical devices

    and moving hacking into the real world.

    [gentle music]

    And that by itself, I think, looks more interesting.

    [Man] And that's a wrap.

    [group applauds]

    All right, guys, from the top.

    [men laugh]

    Up Next
    bet365娱乐